Svoboda Cybersecurity Brief October 06, 2025

Zero-day Zimbra XSS Exploit via Malicious ICS Files

Threat actors exploited CVE-2025-27915, an XSS flaw in Zimbra Collaboration Suite (ZCS) versions 9.0, 10.0, and 10.1, using malicious iCalendar (.ICS) files to inject JavaScript payloads. The attack targeted a Brazilian military organization, stealing credentials, emails, and contacts via Zimbra’s SOAP API.
Impact: Credential theft, email exfiltration, and session hijacking.
Mitigation: Patch ZCS to versions 9.0.0 P44, 10.0.13, or 10.1.5; monitor for anomalous .ICS file attachments.
Source: BleepingComputer
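
One way to act on the "monitor for anomalous .ICS file attachments" advice, as an added example that is not from the advisory or from Zimbra: a scanner that unfolds iCalendar content lines and flags HTML or JavaScript markers in property values. The marker list and both sample calendars are constructed assumptions.

```python
import re

# Heuristic markers for active content in calendar properties.
# Assumed list for illustration; tune it against your own mail flow.
MARKERS = {
    "script_tag": re.compile(r"<\s*script\b", re.I),
    "event_handler": re.compile(r"<[^>]+\son[a-z]+\s*=", re.I),
    "js_uri": re.compile(r"javascript\s*:", re.I),
    "embedded_frame": re.compile(r"<\s*(iframe|object|embed|svg)\b", re.I),
}

def unfold(ics_text):
    """RFC 5545 unfolding: a line break followed by space/tab continues the line."""
    return re.sub(r"\r?\n[ \t]", "", ics_text).splitlines()

def unescape(value):
    """Undo RFC 5545 TEXT escaping (\\\\ \\; \\, \\n) before matching."""
    return re.sub(r"\\([\\;,nN])",
                  lambda m: "\n" if m.group(1) in "nN" else m.group(1), value)

def scan_ics(ics_text):
    """Return (property_name, marker_name) findings for one .ics body."""
    findings = []
    for line in unfold(ics_text):
        name, sep, value = line.partition(":")
        if not sep:
            continue  # not a content line
        prop = name.split(";", 1)[0].upper()  # drop parameters such as ;LANGUAGE=
        text = unescape(value)
        for marker, rx in MARKERS.items():
            if rx.search(text):
                findings.append((prop, marker))
    return findings

# Constructed samples. The suspicious one splits its tag across a folded line,
# which a naive line-by-line grep of the raw attachment would miss.
BENIGN = ("BEGIN:VCALENDAR\r\nBEGIN:VEVENT\r\nSUMMARY:Quarterly review\r\n"
          "DESCRIPTION:Room 4\\, bring slides\r\nEND:VEVENT\r\nEND:VCALENDAR\r\n")
SUSPICIOUS = ("BEGIN:VCALENDAR\r\nBEGIN:VEVENT\r\nSUMMARY:Meeting\r\n"
              "DESCRIPTION:Agenda <scr\r\n ipt>/* placeholder */</script>\r\n"
              "END:VEVENT\r\nEND:VCALENDAR\r\n")

if __name__ == "__main__":
    for label, body in (("benign", BENIGN), ("suspicious", SUSPICIOUS)):
        print(label, scan_ics(body))
```

A hit is a triage signal for an analyst, not proof of exploitation, and it does not replace patching.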

ParkMobile Settles 2021 Breach with $1 Credit Offer

ParkMobile resolved a $32.8 million class action lawsuit over a 2021 breach affecting 22 million users, offering victims a $1 in-app credit (split into four $0.25 discounts). The breach exposed hashed passwords, license plates, and contact details, later leaked on hacking forums.
Source: BleepingComputer
